I now have keys at the directory in the command above (/etc/letsencrypt/live/.duckdns.org).
After properly forwarding my ports on my router (router 80 to host 80 and router 443 to host 8124), going to mydomain.duckdns.org/states gives me this:
Does anybody know what the correct next step is to get this working?
Is your goal to actually use Home Assistant to handle your certificate/SSL or to use a reverse proxy? You seem to be confusing them. If you are using Home Assistant, you need to modify your configuration YAML to support SSL directly from Home Assistant. If you are using a reverse proxy, you don't have to change anything in Home Assistant, just set up the proxy.
I highly recommend using a reverse proxy over using SSL in Home Assistant.
That’s part of the NGINX container configuration that you do. You tell it where the conf files reside and you modify as you see fit.
Yeah, you would use -v bind mounts to point to where your certs are and configure NGINX to handle it.
What do you mean? Setting up NGINX reverse proxy tutorials are a dime a dozen. There is nothing inherently different about setting up an NGINX reverse proxy for Home Assistant than any other site you want to proxy for. You are confused because you aren’t separating the terminology or concepts.
Home Assistant is a web app running on your network, on an IP and port.
NGINX will reverse proxy port 80/443 to WHEREVER you tell it to, including to the web app mentioned above.
I have mentioned numerous times that with an NGINX reverse proxy, it can handle ALL your SSL needs for home assistant, and you are not required to use your EXTERNAL hostname to access it, and you don’t have to change anything in the Home Assistant configuration. In fact, you can still access it internally using normal HTTP not HTTPS and nothing will be broken, unlike when you set up the HASSIO DuckDNS add-on…
You just need to separate and understand how the pieces fit together. They are all separate, but work together to create what you want. You just have to tell it what you want.
What are the benefits of using nginx if Home Assistant is the only exposed service I have? I understand the additional benefits with multiple services and services that don’t support SSL directly, just not seeing what it does for me if I only have port 8123 open now with Let’s Encrypt certificates. I’m sure I’m overlooking something with security.
Let’s say you set your certificates on Home Assistant, and enforce it to use HTTPS. This requires a domain name (publicly accessible for Let’s Encrypt to work, or to get a trusted cert at all). Once you have configured Home Assistant to use SSL and this domain name it is ONLY accessible via this domain name, which means a couple of things:
Your router has to support hairpin or loopback NAT in order for you to connect to the domain name from internally (alternatively, you can set up your internal DNS to handle the domain name resolution to your internal IP)
Any apps that access your Home Assistant (looking at you node-red) require going out to resolve the name, and use the same method of access you do for your browser (either hitting the loopback/hairpin NAT or you have to set up an internal DNS)
Using a reverse proxy, let’s say one day you want to set up something like NextCloud for your family to use, you just create another config, reverse proxying it to your NextCloud instance, get your certs, and bam, you are done. 2 different services, both using standard HTTPS port 443, accessible via subdomain names…
How do you have yours set up and have access thru duckdns and letsencrypt without Nginx?
I have followed the instructions from the link you provided above (the Home Assistant docs) and have created certs. I forwarded port 443 to 8124 on the host machine, but when I try to access it thru my duckdns domain I get the picture I posted above.
On the RPI I was using before, all I had to do was point the config files to the certs directory and forward the port in the router and all was good. I don’t know how to point my config in to the certs file outside of the docker container.
Do I just need to add the path on the host where the certs are located to the HA config file like I did before?
edit: apparently that last part won’t work. I just tried it and got a config error.
Did you configure Home Assistant to point to your SSL certs? Did you tell it to use HTTPS?
Again, you should be using BIND MOUNTS. I keep saying it and you are not picking up on it.
Let’s say you want your certs to live in a directory called /certs in your docker container. On your host, you do -v /path/to/certs:/certs then everything inside your docker container will access the certs using /certs
2018-02-22 13:30:07 ERROR (MainThread) [homeassistant.config] Invalid config for [http]: not a file for dictionary value @ data['http']['ssl_certificate']. Got '/certs/fullchain.pem'
not a file for dictionary value @ data['http']['ssl_key']. Got '/certs/privkey.pem'. (See /config/configuration.yaml, line 41). Please check the docs at https://home-assistant.io/components/http/
And to be complete, I forwarded port 443 on the router to 8124 on the host IP, and port 80 to 80 on the host.
Anyway, I tried to rerun the letsencrypt command using “/docker/ha-config/certs:/certs” and it reacquired new certs and put them in that directory under “/docker/ha-config/certs/live/mydomain.duckdns.org/”.
2018-02-22 15:30:42 ERROR (MainThread) [homeassistant.config] Invalid config for [http]: not a file for dictionary value @ data['http']['ssl_certificate']. Got '/certs/fullchain.pem'
not a file for dictionary value @ data['http']['ssl_key']. Got '/certs/privkey.pem'. (See /config/configuration.yaml, line 41).
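Added example, not part of the thread: a shell check that maps a container path through one bind mount and reports whether it would be a regular file inside the container, which is what the "not a file" error above is testing. The sample tree is constructed; it assumes certbot's standard layout (live/<domain>/ holds relative symlinks into archive/<domain>/) and a `/certs` mount target as in the posts. The function names are hypothetical.

```shell
#!/bin/sh
# Added example. Given one bind mount (-v HOST_DIR:CTR_DIR), report whether a
# path written in configuration.yaml will be a regular file inside the container.
# Prints: ok | outside-mount | missing | escapes-mount | not-a-file
check_cert_path() {
    host_dir=$1; ctr_dir=$2; ctr_path=$3
    case "$ctr_path" in
        "$ctr_dir"/*) rel=${ctr_path#"$ctr_dir"/} ;;
        *) echo "outside-mount"; return 1 ;;
    esac
    host_path=$host_dir/$rel
    [ -e "$host_path" ] || { echo "missing"; return 1; }
    # Resolve symlinks on the host; a target outside HOST_DIR is not visible
    # inside the container, so the link dangles there.
    real=$(readlink -f "$host_path")
    root=$(readlink -f "$host_dir")
    case "$real" in
        "$root"/*) ;;
        *) echo "escapes-mount"; return 1 ;;
    esac
    [ -f "$real" ] || { echo "not-a-file"; return 1; }
    echo "ok"
}

# Constructed sample tree mimicking certbot's layout: live/<domain>/*.pem are
# relative symlinks into archive/<domain>/. File contents are placeholders.
make_sample_tree() {
    t=$(mktemp -d)
    d=mydomain.duckdns.org
    mkdir -p "$t/certs/archive/$d" "$t/certs/live/$d"
    for f in fullchain privkey; do
        echo "placeholder" > "$t/certs/archive/$d/${f}1.pem"
        ln -s "../../archive/$d/${f}1.pem" "$t/certs/live/$d/$f.pem"
    done
    echo "$t"
}

T=$(make_sample_tree)
# Whole certs dir mounted (assumed: -v .../certs:/certs), path from the error log:
check_cert_path "$T/certs" /certs /certs/fullchain.pem || true
# Same mount, path including live/<domain>/:
check_cert_path "$T/certs" /certs /certs/live/mydomain.duckdns.org/fullchain.pem || true
# Mounting only live/<domain>/ makes the short path exist but the symlink dangle:
check_cert_path "$T/certs/live/mydomain.duckdns.org" /certs /certs/fullchain.pem || true
rm -rf "$T"
```

To check a real setup, pass the host side of the `-v` mount, its container side, and the path from `configuration.yaml`; run it as a user that can read the certificate directory.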